-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Tooling] Use a trusted CI agent for pipelines that require push access #21028
Changes from 6 commits
c94c0a1
afe335d
2597b0d
ab7a38e
06711d0
2899ec5
db4b88f
59a7598
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,15 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json | ||
--- | ||
|
||
agents: | ||
queue: "android" | ||
|
||
steps: | ||
- label: "Code Freeze" | ||
plugins: [$CI_TOOLKIT] | ||
command: | | ||
.buildkite/commands/configure-git-for-release-management.sh | ||
source .buildkite/commands/configure-git-for-release-management.sh | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I agree with @mokagio that we might as well remove There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
|
||
install_gems | ||
|
||
bundle exec fastlane code_freeze skip_confirm:true | ||
agents: | ||
queue: "tumblr-metal" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,11 @@ | ||
#!/bin/bash -eu | ||
|
||
# Git command line client is not configured in Buildkite. Temporarily, we configure it in each step. | ||
# Later on, we should be able to configure the agent instead. | ||
curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts | ||
git config --global user.email "mobile+wpmobilebot@automattic.com" | ||
git config --global user.name "Automattic Release Bot" | ||
# This script needs to be source'd as use-bot-for-git exports a variable and this needs to be visible outside | ||
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then | ||
echo "This script must be 'source'd (instead of being called directly as an executable) to work properly" | ||
exit 1 | ||
fi | ||
iangmaia marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
# Buildkite is currently using the https url to checkout. We need to override it to be able to use the deploy key. | ||
git remote set-url origin git@github.com:wordpress-mobile/WordPress-Android.git | ||
echo '--- :robot_face: Use bot for git operations' | ||
# shellcheck disable=SC1091 | ||
source use-bot-for-git | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Have you considered removing the script and inlining the As far as I can see, the only additional operation in this script is the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,16 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json | ||
--- | ||
|
||
agents: | ||
queue: "android" | ||
|
||
steps: | ||
- label: "Complete Code Freeze" | ||
plugins: [$CI_TOOLKIT] | ||
command: | | ||
.buildkite/commands/configure-git-for-release-management.sh | ||
source .buildkite/commands/configure-git-for-release-management.sh | ||
.buildkite/commands/checkout-release-branch.sh | ||
|
||
install_gems | ||
|
||
bundle exec fastlane complete_code_freeze skip_confirm:true | ||
agents: | ||
queue: "tumblr-metal" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe this has been discussed elsewhere, in which case apologies for the redundancy, but it would be nice for this to eventually be an agent that doesn't have Tumblr in the name 😄 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yep, whenever I type |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,18 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json | ||
--- | ||
|
||
agents: | ||
queue: "android" | ||
|
||
steps: | ||
- label: "Finalize release" | ||
plugins: [$CI_TOOLKIT] | ||
command: | | ||
.buildkite/commands/configure-git-for-release-management.sh | ||
source .buildkite/commands/configure-git-for-release-management.sh | ||
.buildkite/commands/checkout-release-branch.sh | ||
|
||
install_gems | ||
|
||
cp gradle.properties-example gradle.properties | ||
|
||
bundle exec fastlane finalize_release skip_confirm:true | ||
agents: | ||
queue: "tumblr-metal" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json | ||
--- | ||
|
||
agents: | ||
queue: "android" | ||
|
||
steps: | ||
- label: "New Beta Release" | ||
plugins: [$CI_TOOLKIT] | ||
command: | | ||
.buildkite/commands/configure-git-for-release-management.sh | ||
source .buildkite/commands/configure-git-for-release-management.sh | ||
|
||
install_gems | ||
|
||
cp gradle.properties-example gradle.properties | ||
|
||
bundle exec fastlane new_beta_release skip_confirm:true | ||
agents: | ||
queue: "tumblr-metal" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,16 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json | ||
--- | ||
|
||
agents: | ||
queue: "android" | ||
|
||
steps: | ||
- label: "Update release notes" | ||
plugins: [$CI_TOOLKIT] | ||
command: | | ||
.buildkite/commands/configure-git-for-release-management.sh | ||
source .buildkite/commands/configure-git-for-release-management.sh | ||
.buildkite/commands/checkout-editorial-branch.sh | ||
|
||
install_gems | ||
|
||
bundle exec fastlane update_appstore_strings version:${RELEASE_VERSION} | ||
agents: | ||
queue: "tumblr-metal" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice tidy up.
Have you considered:
I never tried it but I assume the Buildkite parser would be smart enough to allow a scalar value here and convert it to a sequence internally.
However, maybe we're better off leaving the
[ ]
so the diff when adding a new plugin will be smaller 🤷♂️There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I think that Buildkite would allow a single value in an attribute expecting an array (and would wrap it in an array automatically for us) and thus allow such a syntax… personally I prefer to be explicit in it being an array and thus keep the
[…]
syntax.